Cotswold Hall

Privacy Policy

Last updated: 24-04-2026

1. Who We Are

We are a registered charity providing community services and venue/booking facilities. For the purposes of UK GDPR, we act as the Data Controller for the personal information collected through this website.

If you have any questions about this policy, you can contact us at: Email: trustee@cotswoldhall.co.uk

Address: Cotswold Hall, W End, Northleach, Cheltenham GL54 3HG.

2. What Personal Data We Collect

2.1 Data collected automatically (compliance and security)

Our website uses Wordfence, a security plugin that helps protect our site from malicious traffic. Wordfence may collect:

  • IP addresses
  • Browser and device information
  • Pages visited
  • Timestamps
  • Behavioral patterns associated with security threats

This data is collected for security purposes and is processed under our legitimate interest in keeping the website safe.

Wordfence’s privacy information is available here: wordfence.com

2.2 Data collected when you make a booking

When you create a booking through our system, we collect:

  • Name
  • Email address
  • Phone number
  • Booking details (service, date, time, preferences)
  • Payment information (processed securely by our payment provider; we do not store card details)
  • Confirmation of reading required documents (e.g., terms, health & safety)

2.3 Customer account and communication preferences

If you create an account or make repeated bookings, we may store:

  • Contact preferences
  • Booking history
  • Notes relevant to your booking
  • Opt‑in/opt‑out records for notifications

2.4 Cookies and analytics

We may use cookies for:

  • Essential site functionality
  • The Hu‑manity.co plugin may store a consent log (timestamp, consent choice, device/browser identifier) for compliance purposes.
  • Security
  • Booking system operation
  • Analytics (if enabled)
  • The Hu‑manity.co plugin sets cookies to remember your consent choices
  • These cookies do not track your behavior or collect analytics
  • They are strictly used for compliance with data‑protection laws
  • You can change or withdraw your consent at any time

You can manage cookies through your browser settings.

3. How We Use Your Data

We use your personal data to:

  • Process and manage bookings
  • Communicate with you about your booking
  • Send confirmations, reminders, or updates
  • Improve our services
  • Maintain website security
  • To display the cookie‑consent banner and manage your cookie preferences
  • To store your consent decision so the banner does not reappear unnecessarily
  • To comply with GDPR/CCPA requirements for recording consent

We do not use your data for advertising or profiling.

4. Our Legal Bases for Processing

We rely on the following lawful bases:

  • Contract:
    • To process your booking
  • Legitimate interest:
    • To ensure website functions correctly and respects user privacy choices
    • Website security
    • Fraud prevention
    • Service improvement
  • Legal obligation:
    • To comply with GDPR cookie‑consent requirements
    • financial and audit requirements
  • Consent:
    • For optional communications or marketing

5. Who We Share Your Data With

We only share data with trusted third parties necessary to operate our services, such as:

  • Wordfence (website security)
  • Hu‑manity.co (Cookie Compliance platform) for storing consent logs only; no personal data is used for marketing or analytics
  • Payment processors (for secure payments)
  • Email/SMS providers (for booking notifications)
  • IT service providers (hosting, backups, technical support)

We do not sell, rent, or trade your personal data with any third parties.

6. How Long We Keep Your Data

We retain data only for as long as necessary:

  • Booking records: 6 years for accounting and legal compliance
  • Customer contact details: 1 year after your last booking, unless you make a new booking (which resets the retention period)
  • Security logs (Wordfence): typically 30 days, unless required for investigation
  • Consent logs are retained only for as long as required for GDPR compliance and may be periodically renewed to ensure you can make an informed choice again.

You may request deletion sooner where legally permitted.

7. How We Protect Your Data

We use appropriate technical and organisational measures, including:

  • Encrypted connections (HTTPS)
  • Secure hosting
  • Access controls
  • Regular security monitoring
  • Wordfence firewall and malware scanning

No method of transmission is 100% secure, but we take data protection seriously.

8. Your Rights Under UK GDPR

You have the right to:

  • Access your data
  • Correct inaccurate information
  • Request deletion
  • Object to processing
  • Restrict processing
  • Request data portability
  • Withdraw consent (where applicable)
  • Lodge a complaint with the ICO

To exercise any of these rights, contact us at: trustee@cotswoldhall.co.uk

9. International Data Transfers

Some of our service providers may store data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK adequacy decisions
  • Standard Contractual Clauses (SCCs)

10. Changes to This Policy

We may update this privacy policy from time to time. The latest version will always be available on this page.

11. Contact Us

If you have any questions about this policy or how we handle your data, please contact: Email: trustee@cotswoldhall.co.uk Address: Cotswold Hall, W End, Northleach, Cheltenham GL54 3HG.